Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method for generating an electronic signature of a user for an electronic document, a telecommunication terminal of a telecommunication network being assigned to the user, said method comprising the following steps: establishing a secure Internet session between the telecommunication terminal of the user and a signature server computer system, receiving a code from the signature server computer system via a separate and/or separately secured side channel by the telecommunication terminal, transmitting a combination of code and authentication information of the user via the secure Internet session to the signature server computer system, checking the validity of the combination of code and authentication information by the signature server computer system, and generating the electronic signature of the user by a high-security module of the signature server computer system, wherein the private key of the user for generating the electronic signature is stored in the high-security module, wherein the method further comprises the following steps for an initial registration of the user by the signature server computer system: authenticating the user to an ID token assigned to the user, wherein the ID token has a protected memory area, in which attribute values of attributes of the user are stored, authenticating the signature server computer system to the ID token via the Internet, establishing a connection with end-to-end encryption between the signature server computer system and the ID token via the Internet and the telecommunication terminal, transmitting the attribute values of the user from the ID token to the signature server computer system via the connection with end-to-end encryption, and storing a user profile of the user, which profile contains the attribute values of the user received from the ID token, in order to carry out the registration of the user by the signature server computer system.
This invention relates to a method for generating an electronic signature for a user in a telecommunication network. The method addresses the need for secure electronic signature generation by leveraging a telecommunication terminal and a signature server computer system. The process begins by establishing a secure Internet session between the user's telecommunication terminal and the signature server. A code is then received by the terminal via a separate or separately secured side channel, such as SMS or a dedicated app. The user combines this code with their authentication information and transmits it to the signature server over the secure session. The server validates the combination and, if valid, generates an electronic signature using a high-security module that stores the user's private key. For initial registration, the user authenticates to an ID token containing protected attribute values. The signature server authenticates to the ID token and establishes an end-to-end encrypted connection via the Internet and the telecommunication terminal. The user's attribute values are transmitted securely to the server, which then creates a user profile for future signature generation. This method ensures secure authentication and signature generation while maintaining the privacy of user data.
2. The method according to claim 1, wherein the code is a random value or a pseudorandom value which is generated by the signature server computer system on the basis of the receipt of a signature request for the generation of the electronic signature via the secure Internet session.
This invention relates to electronic signature systems, specifically methods for generating secure electronic signatures. The problem addressed is ensuring the integrity and authenticity of electronic signatures in online transactions. The invention involves a signature server computer system that generates a random or pseudorandom code in response to a signature request received via a secure Internet session. This code is used to create the electronic signature, enhancing security by making it difficult to predict or replicate. The system ensures that the signature is uniquely tied to the specific transaction and session, reducing the risk of fraud or tampering. The random or pseudorandom nature of the code adds an additional layer of security, as it cannot be easily guessed or precomputed by an attacker. This method improves upon existing electronic signature systems by incorporating dynamic, session-specific elements that are generated on-demand, making the signature process more resilient to attacks. The invention is particularly useful in financial transactions, legal agreements, and other applications where secure authentication is critical.
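The server-side flow of claims 1 and 2, as an added example (not code from the patent or its applicant): a fresh code is generated when the signature request arrives, delivered over the side channel, and the signature is released only when the code and the user's authentication information both check out. The class and function names, the six-digit code format, the 300-second validity, the three-attempt limit and the PBKDF2 storage are assumptions; HMAC-SHA256 stands in for the high-security module's private-key signature so that the block runs on the standard library alone.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 300  # assumption: the claims state no validity period
MAX_ATTEMPTS = 3        # assumption: the claims state no retry limit


class StubHSM:
    """Stand-in for the high-security module; keys never leave this object.
    HMAC-SHA256 replaces the private-key signature so the example needs
    only the standard library."""

    def __init__(self):
        self._keys = {}

    def enroll(self, user_id):
        self._keys[user_id] = secrets.token_bytes(32)

    def sign(self, user_id, document):
        return hmac.new(self._keys[user_id], document, hashlib.sha256).digest()


@dataclass
class Pending:
    user_id: str
    document: bytes
    code: str
    expires_at: float
    attempts: int = 0


def hash_auth(auth_info, salt):
    # Authentication information is stored only as a salted, stretched hash.
    return hashlib.pbkdf2_hmac("sha256", auth_info.encode(), salt, 100_000)


class SignatureServer:
    def __init__(self, hsm, send_side_channel, clock=time.time):
        self._hsm = hsm
        self._send = send_side_channel  # hypothetical SMS gateway callback
        self._clock = clock
        self._auth = {}     # user_id -> (salt, hash of authentication information)
        self._pending = {}  # session_id -> Pending

    def register(self, user_id, auth_info):
        salt = secrets.token_bytes(16)
        self._auth[user_id] = (salt, hash_auth(auth_info, salt))
        self._hsm.enroll(user_id)

    def request_signature(self, session_id, user_id, document):
        """A signature request arrived over the secure session: generate a
        fresh code for this session and document, deliver it out of band."""
        if user_id not in self._auth:
            raise KeyError("unregistered user")
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        self._pending[session_id] = Pending(
            user_id, document, code, self._clock() + CODE_TTL_SECONDS)
        self._send(user_id, code)

    def confirm(self, session_id, code, auth_info):
        """Check the combination of code and authentication information.
        Returns the signature, or None on any failure."""
        req = self._pending.get(session_id)
        if req is None:
            return None
        if self._clock() > req.expires_at:
            del self._pending[session_id]
            return None
        req.attempts += 1
        salt, stored = self._auth[req.user_id]
        # Evaluate both comparisons in constant time before combining them,
        # so the outcome does not reveal which half was wrong.
        code_ok = hmac.compare_digest(code.encode(), req.code.encode())
        auth_ok = hmac.compare_digest(hash_auth(auth_info, salt), stored)
        if code_ok and auth_ok:
            del self._pending[session_id]  # single use: a replay finds nothing
            return self._hsm.sign(req.user_id, req.document)
        if req.attempts >= MAX_ATTEMPTS:
            del self._pending[session_id]  # bound online guessing of the code
        return None


if __name__ == "__main__":
    outbox = []  # constructed side channel: collects (user, code) pairs
    server = SignatureServer(StubHSM(), lambda u, c: outbox.append((u, c)))
    server.register("alice", "constructed-pin")
    server.request_signature("session-1", "alice", b"constructed document")
    _, sms_code = outbox[-1]
    signature = server.confirm("session-1", sms_code, "constructed-pin")
    print("signed:", signature is not None)
    print("replay accepted:",
          server.confirm("session-1", sms_code, "constructed-pin") is not None)
```

Because the pending request is keyed by session and holds the document, a code delivered for one request cannot authorise a different document or be presented from another session.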
3. The method according to claim 1, wherein the secure Internet session is an https session.
A method for establishing a secure Internet session involves creating an encrypted communication channel between a client device and a server. The session is established using a secure protocol to protect data transmitted between the devices. In this method, the secure Internet session is specifically an HTTPS (Hypertext Transfer Protocol Secure) session, which uses TLS (Transport Layer Security) or SSL (Secure Sockets Layer) to encrypt data and ensure secure communication. The method may include steps such as initiating a connection, exchanging encryption keys, and verifying digital certificates to authenticate the server and establish a trusted connection. The HTTPS session ensures confidentiality, integrity, and authentication of data exchanged between the client and server, preventing unauthorized access or tampering. This approach is commonly used in web applications, online transactions, and other scenarios where secure data transmission is required. The method may also include additional security measures, such as enforcing strong encryption standards, validating certificates, and monitoring for suspicious activity during the session. The use of HTTPS ensures that all data transmitted over the Internet remains protected from interception or modification by malicious actors.
4. The method according to claim 1 wherein the code is received by the telecommunication terminal via the side channel of the mobile communication network as an SMS message or as a generated automatic voice message.
This invention relates to secure communication in mobile networks, specifically addressing the challenge of delivering authentication codes to telecommunication terminals without relying on the primary communication channel, which may be compromised. The method involves transmitting a code to a terminal via a side channel of the mobile communication network, such as an SMS message or an automatically generated voice message. This side channel is separate from the main communication path, reducing the risk of interception or tampering. The code is used to authenticate the terminal or a user, ensuring secure access to services or data. The method may also include generating the code at a network server, encrypting it for transmission, and verifying its integrity upon receipt. By leveraging the side channel, the system enhances security by isolating the authentication process from potential vulnerabilities in the primary communication channel. This approach is particularly useful in scenarios where the main communication path may be exposed to attacks, such as man-in-the-middle or spoofing attempts. The invention improves the reliability and security of authentication in mobile networks.
5. The method according to claim 1 wherein the user is authenticated to the telecommunication terminal, for example by the user logging in to the signature server computer system via the secure Internet session, so that the identity of the user is recognised by the signature server computer system.
This invention relates to a method for securely authenticating a user to a telecommunication terminal, such as a smartphone or computer, via a signature server computer system. The problem addressed is ensuring secure and reliable user authentication in telecommunication systems, particularly when accessing services or devices remotely. The method involves establishing a secure Internet session between the user and the signature server computer system. The user logs in to the server, providing credentials that verify their identity. Once authenticated, the signature server recognizes the user, enabling secure access to the telecommunication terminal or associated services. This authentication process ensures that only authorized users can interact with the system, preventing unauthorized access. The method may include additional steps, such as generating a digital signature or token upon successful authentication, which can be used to verify the user’s identity in subsequent interactions. The secure session ensures that authentication data is transmitted confidentially, protecting against interception or tampering. This approach enhances security in telecommunication systems by combining secure login procedures with server-side identity recognition.
6. The method according to claim 5, wherein the electronic document to be signed is stored in a memory area of the signature server computer system accessible to the logged-in user, wherein the user selects the document via the secure Internet session, so that the document is transmitted to the telecommunication terminal and visualised there via the secure Internet session, whereupon the user sends the signature request for the generation of the electronic signature for the selected electronic document to the signature server computer system via the secure Internet session.
This invention relates to a method for generating electronic signatures for documents stored on a signature server computer system. The problem addressed is the secure and user-friendly process of signing electronic documents over the internet, ensuring authentication and integrity of the signing process. The method involves a user accessing a signature server computer system via a secure internet session. The user logs into the system, which provides access to a memory area containing electronic documents. The user selects a document from this memory area, and the document is transmitted to the user's telecommunication terminal (e.g., a smartphone, tablet, or computer) over the secure internet session. The document is then displayed on the terminal for review. After verifying the document, the user sends a signature request to the signature server computer system via the secure internet session. The server processes this request to generate an electronic signature for the selected document, ensuring the signing process is secure and authenticated. The method ensures that only authorized users can access and sign documents, and the secure transmission and display of documents prevent tampering or unauthorized access. This approach enhances the reliability and security of electronic signing processes in remote or digital environments.
7. The method according to claim 6, wherein the electronic document has an identifier, the identifier is captured by the user with the aid of the telecommunication terminal, the telecommunication terminal sends a message, which includes the identifier, and the signature server computer system identifies the user on the basis of the message, accesses the electronic document with the aid of the identifier, and stores said document in the memory area of the user.
This invention relates to a system for securely storing electronic documents in a user-specific memory area using a telecommunication terminal. The problem addressed is the need for a secure and efficient way to associate electronic documents with specific users, ensuring proper access control and document management. The method involves capturing an identifier from an electronic document using a telecommunication terminal, such as a smartphone or tablet. The terminal sends a message containing this identifier to a signature server computer system. The server identifies the user based on the message, retrieves the electronic document using the identifier, and stores it in a designated memory area associated with the user. This ensures that the document is securely linked to the correct user, preventing unauthorized access or misplacement. The telecommunication terminal may use various input methods, such as scanning a barcode, capturing an image, or manually entering the identifier. The signature server verifies the user's identity, possibly through authentication mechanisms like biometrics or passwords, before granting access to the document. The stored document remains accessible only to the authenticated user, enhancing security and privacy. This approach streamlines document management by automating the association of documents with users, reducing manual errors, and ensuring secure storage. The system is particularly useful in environments where document tracking and user-specific access control are critical, such as legal, financial, or healthcare sectors.
8. The method according to claim 7, wherein the telecommunication terminal generates an SMS message and sends it to the signature server computer system via the mobile communication network, wherein the SMS message contains the identifier of the document.
This invention relates to a system for securely verifying the authenticity of digital documents using a telecommunication terminal and a signature server. The problem addressed is the need for a reliable method to confirm the integrity and origin of digital documents in a way that is accessible via mobile communication networks. The system involves a telecommunication terminal, such as a mobile phone, that interacts with a signature server to verify document authenticity. The terminal generates an SMS message containing an identifier of the document and sends it to the signature server via a mobile communication network. The signature server processes the request and provides a verification result, which may include confirming the document's digital signature or other authentication data. The terminal then displays the verification result to the user, ensuring they can trust the document's validity. The method ensures secure and efficient document verification by leveraging existing mobile communication infrastructure, making it accessible to users without requiring specialized hardware or software. The SMS-based approach simplifies the verification process, reducing complexity while maintaining security. This solution is particularly useful in scenarios where users need to verify documents remotely or in environments with limited access to traditional computing resources.
9. The method according to claim 1 , wherein the authentication of the user to the ID token comprises the following steps: capturing a biometric feature of the user by an interface, comparing the captured biometric feature with a biometric feature stored on the ID token by the ID token, and authenticating the user if the captured biometric feature matches the stored biometric feature.
This invention relates to secure user authentication using biometric verification with an ID token. The problem addressed is the need for reliable, tamper-resistant authentication methods that do not rely solely on passwords or external databases, which can be compromised or spoofed. The method involves authenticating a user to an ID token by capturing a biometric feature, such as a fingerprint or facial scan, through an interface. The captured biometric data is then compared directly on the ID token itself with a pre-stored biometric template. If the captured biometric matches the stored template, the user is authenticated. This approach ensures that authentication is performed locally on the ID token, reducing the risk of data interception or unauthorized access. The ID token may be a smart card, mobile device, or other secure hardware that stores the biometric template. The comparison process is executed within the token’s secure environment, preventing external systems from accessing the biometric data. This enhances privacy and security by minimizing exposure of sensitive information. The method is particularly useful in scenarios requiring high-security authentication, such as financial transactions, access control, or identity verification, where traditional methods may be vulnerable to attacks. By leveraging on-device biometric matching, the system provides a robust and user-friendly authentication solution.
10. The method according to claim 1 comprising the following further steps for the initial registration of the user by the signature server computer system: reading at least one biometric feature of the user stored in the ID token from the ID token by the telecommunication terminal, detecting the attribute values of the user, transmitting the stored biometric feature from the telecommunication terminal to the signature computer system with end-to-end encryption, capturing at least one biometric feature of the user corresponding to the stored biometric feature by an interface of the telecommunication terminal, transmitting the captured biometric feature from the telecommunication terminal to the signature computer system with end-to-end encryption, and comparing the stored biometric feature and the captured biometric feature on the signature computer system and identifying the user if the stored biometric feature and the captured biometric feature match.
The invention relates to a secure user registration system using biometric authentication. The system addresses the challenge of verifying user identity during initial registration in a way that ensures privacy and security. A telecommunication terminal reads a biometric feature stored in an ID token, such as a fingerprint or facial recognition data, and retrieves associated user attribute values. The stored biometric feature is transmitted to a signature server computer system using end-to-end encryption. The terminal then captures a live biometric sample from the user, which is also sent to the server with encryption. The server compares the stored and captured biometric features. If they match, the user is identified and registered. This process ensures that the user's biometric data remains secure during transmission and verification, preventing unauthorized access or tampering. The system leverages encryption and biometric matching to enhance authentication reliability while protecting sensitive user information.
11. The method according to claim 10, wherein the biometric feature is read by means of an interface of the telecommunication terminal, in particular by means of a camera, and the corresponding biometric feature of the user is captured using the same interface.
This invention relates to biometric authentication systems for telecommunication terminals, addressing the need for secure and convenient user verification. The method involves capturing a biometric feature of a user through an interface of the telecommunication terminal, such as a camera, and comparing it with a stored biometric template to authenticate the user. The system ensures that the same interface used for reading the biometric feature is also used for capturing the corresponding biometric feature of the user, streamlining the authentication process. This approach enhances security by reducing reliance on external devices and simplifying the user experience. The method is particularly useful in scenarios where quick and reliable authentication is required, such as accessing sensitive applications or services on the terminal. By integrating biometric capture and verification within the terminal's existing hardware, the system minimizes additional hardware requirements and improves efficiency. The invention is applicable to smartphones, tablets, and other telecommunication devices equipped with biometric sensors.
12. The method according to claim 1 wherein the electronic document contains at least one input field, wherein the signature server computer system accesses the user profile in order to enter one of the attribute values into the at least one input field.
This invention relates to electronic document processing systems that automate the population of input fields using user profile data. The problem addressed is the manual effort required to fill out repetitive or standardized information in electronic documents, such as forms, contracts, or applications. The solution involves a signature server computer system that retrieves attribute values from a user profile and automatically inserts them into designated input fields within an electronic document. The user profile stores predefined attribute values, such as names, addresses, or identification numbers, which are dynamically inserted into the document based on the field requirements. This reduces errors and streamlines document processing workflows. The system ensures data consistency by pulling values directly from a centralized user profile rather than relying on manual entry. The method may be applied to various document types, including legal agreements, financial forms, or administrative paperwork, where standardized information must be repeatedly entered. The invention improves efficiency by eliminating redundant data entry tasks while maintaining accuracy through automated profile-based field population.
13. The method according to claim 12, wherein the input field and the attribute of which the attribute value is entered into the input field are semantically associated with one another.
This invention relates to data entry systems that improve user experience by semantically associating input fields with their corresponding attributes. The problem addressed is the inefficiency and potential errors in data entry when users must manually select or enter attribute values without clear guidance, leading to mismatches or incorrect data. The method involves a data entry interface where an input field is semantically linked to a specific attribute, ensuring that the value entered into the field is contextually relevant to that attribute. For example, if the attribute is "date of birth," the input field will be configured to accept only date values, and the system may provide validation or suggestions to guide the user. The semantic association ensures that the entered data aligns with the expected attribute type, reducing errors and improving data consistency. Additionally, the system may dynamically adjust the input field's behavior based on the attribute's properties, such as enforcing data formats, providing dropdown options, or validating input in real-time. This approach enhances usability by minimizing user confusion and ensuring that the entered data is both accurate and meaningful within the system's context. The method is particularly useful in applications requiring structured data entry, such as forms, databases, or user profiles.
14. The method according to claim 12 comprising the following steps: sending a first attribute specification from the signature computer system to an ID provider computer system via the communication network, wherein the first attribute specification specifies the attributes required by the signature computer system in order to fill out the input fields of the document, authenticating the user to the ID token, authenticating the ID provider computer system to the ID token, authenticating the ID token to the ID provider computer system, establishing a first secure transmission channel with end-to-end encryption between the ID token and the ID provider computer system via the network, performing a first read access of the ID provider computer system to the ID token in order to read the attributes according to the first attribute specification from the ID token, transmitting a first set of the attributes specified in the first attribute specification and stored in the memory area of the ID token from the ID token to the ID provider computer system via the first secure transmission channel, generating a second attribute specification of a second set of the attributes of the first attribute specification, which specifies those attributes which are not contained in the first set, and transmitting the second attribute specification from the ID provider computer system to the ID token via the first secure transmission channel, storing the second attribute specification in the ID token, authenticating an attribute provider computer system to the ID token, authenticating the ID token to the attribute provider computer system, establishing a second secure transmission channel with end-to-end encryption between the attribute provider computer system and the ID token, wherein the first secure transmission channel remains unchanged, transmitting the second attribute specification from the ID token to the attribute provider computer system via the second secure transmission channel, performing a write access of the attribute provider computer via the second secure transmission channel in order to store attributes according to the second attribute specification in the ID token, performing a second read access of the ID provider computer system via the first secure transmission channel in order to read the attributes stored by the attribute provider computer system in accordance with the second attribute specification in the ID token, outputting the attributes read from the ID token on the basis of the read access by the ID provider computer system to the signature computer system, and inputting the attributes into the input fields of the document.
This invention relates to a secure method for managing and transferring user attributes between a signature computer system, an ID provider computer system, and an attribute provider computer system using an ID token. The method addresses the challenge of securely obtaining and updating user attributes required to fill out document input fields while ensuring data integrity and privacy. The process begins by sending a first attribute specification from the signature computer system to the ID provider computer system, detailing the attributes needed for the document. The user and the ID provider computer system authenticate to the ID token, which then establishes a first secure, end-to-end encrypted transmission channel with the ID provider. The ID provider reads the specified attributes from the ID token and transmits them to the signature computer system. If some attributes are missing, a second attribute specification is generated and sent to the ID token, which stores it. Next, the attribute provider computer system authenticates to the ID token, and a second secure transmission channel is established while the first remains active. The ID token sends the second attribute specification to the attribute provider, which then writes the missing attributes into the ID token. The ID provider reads these newly stored attributes via the first secure channel and forwards them to the signature computer system, where they are input into the document fields. This method ensures secure, authenticated, and encrypted attribute management across multiple systems.
15. A telecommunication terminal for requesting the generation of an electronic signature of a user for an electronic document from a signature server computer wherein the telecommunication terminal is assigned to the user, said telecommunication terminal configured to: establish a secure Internet session between the telecommunication terminal and the signature server computer system, receive the electronic document to be signed via the secure Internet session from the signature server computer system, and/or visualize the electronic document on a visualisation device of the telecommunication terminal, transmit a request of the user via the secure Internet session for the generation of the electronic signature by the signature server computer system for the electronic document visualised on the visualisation device, receive a code from the signature server computer system via a separate and/or separately secured side channel of the communication network, and transmit a combination of the code and authentication information of the user to the signature server computer system via the secure Internet session, wherein the telecommunication terminal comprises a communication interface for establishing a local connection to an ID token of the user, and wherein said telecommunication terminal is further configured to: authenticate the user to the ID token, and enable attributes of the user stored in the ID token to be read via the local connection by the signature server computer system with end-to-end encryption between the ID token and the signature server computer system.
This invention relates to a telecommunication terminal designed to facilitate the secure generation of electronic signatures for electronic documents. The system addresses the challenge of ensuring secure and authenticated electronic signing processes, particularly in environments where user identity verification and document integrity are critical. The telecommunication terminal establishes a secure Internet session with a signature server computer system to receive and display an electronic document. The user can then request the generation of an electronic signature for the document. The terminal also receives a code from the signature server via a separate or separately secured side channel, which enhances security by preventing interception of the code during the main communication session. The user combines this code with their authentication information and transmits it back to the server. Additionally, the terminal includes a communication interface to establish a local connection with an ID token (such as a smart card or secure token) assigned to the user. The terminal authenticates the user to the ID token and enables the server to read user attributes stored in the ID token, ensuring end-to-end encryption between the ID token and the server. This ensures that sensitive user data is protected throughout the signing process. The system enhances security by combining secure communication channels, user authentication, and encrypted data transmission.
16. A signature server computer system for generating an electronic signature of a user for an electronic document, said system configured to: establish a secure Internet session between a telecommunication terminal of the user and the signature server computer system, wherein the telecommunication terminal comprises a communication interface for establishing a local connection to an ID token of the user, generate and send a code from the signature server computer system to the telecommunication terminal via a side channel of the mobile communication network, receive a combination of the code and authentication information of the user via the secure Internet session, check the validity of the combination of the code and of the authentication information by the signature server computer system, wherein said signature server computer system comprises a high-security module configured to store the private key of the user for generating the electronic signature of the user, and wherein said system is further configured to: authenticate itself to the ID token via the Internet session, the telecommunication terminal and the local connection, establish a connection, with end-to-end encryption, with the ID token via the Internet session, the telecommunication terminal and the local connection, send a read command to the ID token via the connection with end-to-end encryption for reading attribute values from the ID token, receive the attribute values via the connection with end-to-end encryption, and store the attribute values as part of registration data for the user.
This invention relates to a secure electronic signature system for authenticating users and generating digital signatures for electronic documents. The system addresses the challenge of securely verifying user identity and ensuring the integrity of electronic signatures in online transactions. The system includes a signature server computer that establishes a secure Internet session with a user's telecommunication terminal, such as a smartphone or tablet. The terminal is equipped with a communication interface to connect locally to an ID token, which may be a smart card, USB token, or other secure storage device containing user authentication credentials. The signature server generates and sends a code to the terminal via a side channel of the mobile communication network, separate from the main data channel. The user combines this code with their authentication information and sends it back to the server via the secure session. The server verifies the validity of this combination to authenticate the user. The system also includes a high-security module that securely stores the user's private key, which is used to generate the electronic signature. Additionally, the server authenticates itself to the ID token and establishes an end-to-end encrypted connection to read attribute values from the token, such as biometric data or identity information. These attributes are stored as part of the user's registration data, ensuring secure and verifiable identity management. The system ensures robust authentication and signature generation while maintaining high security standards.
17. The signature server computer system according to claim 16, wherein the system is further configured to generate a random value or a pseudorandom value for generation of the code, and generate an SMS message in order to send the code via the side channel of the communication network to the telecommunication terminal of the user.
This invention relates to a signature server computer system designed to enhance secure authentication by generating and transmitting a code via a side channel of a communication network. The system addresses the problem of secure code delivery in authentication processes, particularly in scenarios where traditional communication channels may be vulnerable to interception or spoofing. The system generates a random or pseudorandom value to create a code, which is then sent as an SMS message to a user's telecommunication terminal via a side channel. This side channel is a secondary communication path distinct from the primary authentication channel, reducing the risk of code interception or manipulation. The system ensures that the code is transmitted securely, improving the reliability of multi-factor authentication (MFA) or other secure login processes. The invention builds on a broader system that includes a signature server computer system configured to receive a request for a code, generate the code, and transmit it via a side channel. The side channel may include a telecommunication network, such as SMS, to deliver the code to the user's device. The random or pseudorandom value generation ensures that each code is unique and unpredictable, further enhancing security. The SMS message containing the code is sent to the user's telecommunication terminal, which may be a mobile phone or other device capable of receiving SMS messages. This approach mitigates risks associated with phishing, man-in-the-middle attacks, and other security threats in authentication workflows.
September 8, 2020